CVE-2017-0377

Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:torproject:tor:0.3.0.1:alpha:*:*:*:*:*:*
cpe:2.3:a:torproject:tor:0.3.0.2:alpha:*:*:*:*:*:*
cpe:2.3:a:torproject:tor:0.3.0.3:alpha:*:*:*:*:*:*
cpe:2.3:a:torproject:tor:0.3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor:0.3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor:0.3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor:0.3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor:0.3.0.8:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-07-02 15:29

Updated : 2024-02-04 19:29


NVD link : CVE-2017-0377

Mitre link : CVE-2017-0377

CVE.ORG link : CVE-2017-0377


JSON object : View

Products Affected

torproject

  • tor
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor